You can configure message-level security for a Web Services Metadata
Exchange (WS-MetadataExchange) GetMetadata request by specifying a
suitable policy set and binding. You do this when you configure a web
service provider to share its policies or a web service client to
obtain the policies of a service provider.
About this task
By default, the WS-MetadataExchange GetMetadata request uses
the transport-level security configuration of the application. You
might want to apply message-level security if transport-level security
is not available on the application endpoint, or if transport-level
security is not adequate for your requirements. An advantage of message-level
security is that it provides end-to-end security, which is especially
important for the exchange of security metadata.
You can configure security for a WS-MetadataExchange request by using
the administrative console. You can also configure security for a
WS-MetadataExchange request by using wsadmin commands.
Procedure
- For a service provider, in the Policy Sharing panel on the
administrative console, select Attach a system policy set to the
WS-MetadataExchange. For a service client, in the Policies Applied
panel on the administrative console, select Attach a system policy
set to the WS-MetadataExchange.
- Select a system policy set to provide message-level security
from the Policy set list. You can select from system policy
sets that contain only WS-Security policies, only WS-Addressing policies,
or both. The default policy set is SystemWSSecurityDefault. If the
policy sets that are listed are not suitable for your requirements, create your own
system policy set, then return to this procedure.
- Select a general binding for the policy set attachment
from the Binding list. You can select from general bindings that are
scoped to the global domain, or the security domain of this service.
If the bindings that are listed are not suitable for your requirements, create your own general
binding, then return to this procedure.
- Click OK.
- Save your changes to the master configuration.
Results
Message-level security is applied to the WS-MetadataExchange
GetMetadata request.
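The same attachment made with wsadmin, as an added example that is not part of the original documentation. The application names and general binding names are placeholders, and the script assumes the PolicySetManagement commands setProviderPolicySharingInfo and setClientDynamicPolicyControl with the parameters shown; check them against the command reference for your product version.

```jython
# Run inside wsadmin, for example: wsadmin -lang jython -f secure_wsmex.py
# AdminTask and AdminConfig are supplied by the wsadmin runtime.

# Placeholders (assumptions): replace with your own application names.
PROVIDER_APP = 'MyProviderApp'
CLIENT_APP = 'MyClientApp'

# Default system policy set named in the procedure above.
POLICY_SET = 'SystemWSSecurityDefault'

# Placeholders (assumptions): general bindings that already exist in the
# global domain or in the security domain of the service.
PROVIDER_BINDING = 'MyProviderGeneralBinding'
CLIENT_BINDING = 'MyClientGeneralBinding'

# WebService:/ addresses every web service in the application.
RESOURCE = 'WebService:/'


def wsmex_args(app, method_param, binding):
    """Build the option string that enables WS-MetadataExchange and attaches
    the system policy set and general binding to the GetMetadata request."""
    return ('[-applicationName %s -resource %s -%s [wsMex] '
            '-wsMexPolicySetName %s -wsMexPolicySetBinding "%s"]'
            % (app, RESOURCE, method_param, POLICY_SET, binding))


def lookup_args(app):
    return '[-applicationName %s -resource %s]' % (app, RESOURCE)


# Provider side: share policy through WS-MetadataExchange, secured at
# message level instead of relying on the transport configuration.
AdminTask.setProviderPolicySharingInfo(
    wsmex_args(PROVIDER_APP, 'sharePolicyMethods', PROVIDER_BINDING))

# Client side: acquire the provider policy through WS-MetadataExchange
# using the same policy set and a client-side general binding.
AdminTask.setClientDynamicPolicyControl(
    wsmex_args(CLIENT_APP, 'acquireProviderPolicyMethod', CLIENT_BINDING))

# Read the settings back before saving, so that a missing policy set or
# binding name is noticed while the change can still be discarded.
print AdminTask.getProviderPolicySharingInfo(lookup_args(PROVIDER_APP))
print AdminTask.getClientDynamicPolicyControl(lookup_args(CLIENT_APP))

# Equivalent of "Save your changes to the master configuration".
AdminConfig.save()
```

If the read-back does not list the policy set and binding you specified, the GetMetadata request still uses the transport-level security configuration of the application.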